Skip to main content

F453 Firmware CVE-2026-3732

HIGH
Buffer Overflow (CWE-119)
2026-03-08 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 09, 2026 - 15:19 vuln.today
Public exploit code
CVE Published
Mar 08, 2026 - 11:15 nvd
HIGH 8.8

DescriptionCVE.org

A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda F453 firmware allows unauthenticated remote attackers to execute arbitrary code through the cmdinput parameter in the /goform/exeCommand function, with public exploit code already available. The vulnerability affects F453 firmware version 1.0.0.3 and has a CVSS score of 8.8, enabling complete compromise of affected devices without requiring user interaction. No patch is currently available.

Technical ContextAI

Classified as CWE-119 (Buffer Overflow). Affects F453 Firmware. A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

CVE-2026-3271 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware through a buffer overflow in the P2pListFilter HTTP handler allows authenti

CVE-2026-3167 HIGH POC
8.8 Feb 25

Unauthenticated attackers can trigger a buffer overflow in the Tenda F453 firmware via the webSiteId parameter in the /g

CVE-2026-3726 HIGH POC
8.8 Mar 08

Stack-based buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve full system

CVE-2026-3399 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 firmware versions 1.0.0.3 and earlier results from a buffer overflow in the httpd co

CVE-2026-3398 HIGH POC
8.8 Mar 01

Buffer overflow in Tenda F453 firmware versions 1.0.0.3 allows authenticated remote attackers to achieve full system com

CVE-2026-3380 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to execute arbitrary code via a buff

CVE-2026-3379 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows

CVE-2026-3378 HIGH POC
8.8 Mar 01

Remote code execution in Tenda F453 Firmware 1.0.0.3 allows authenticated attackers to achieve complete system compromis

CVE-2026-3377 HIGH POC
8.8 Mar 01

Buffer overflow in Tenda F453 1.0.0.3 firmware allows authenticated remote attackers to achieve complete system compromi

CVE-2026-3376 HIGH POC
8.8 Feb 28

Remote code execution in Tenda F453 firmware (v1.0.0.3) via a buffer overflow in the SafeMacFilter function allows authe

CVE-2026-3275 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware allows authenticated attackers to achieve complete system compromise throug

CVE-2026-3274 HIGH POC
8.8 Feb 27

Remote code execution in Tenda F453 firmware through a buffer overflow in the L7Prot HTTP handler allows unauthenticated

Share

CVE-2026-3732 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy